
realistic 1


ghost's Avatar
0 0

Hi, I am new to the site with knowledge of HTML, CSS, JavaScript and PHP, also basic XSS and JavaScript injection, but I can't seem to figure out what to do. There is apparently a cookie that identifies if you are the admin or not, but the cookie seems to be encrypted; that is about as far as I have gotten. Any help on how to get the cookie and make your own to trick the site, or any other help, would be very much appreciated (hopefully no spoilers).


ghost's Avatar
0 0

Don't worry about the password when you could possibly change your se***on instead at the place where you use $


ghost's Avatar
0 0

Using the user_agent switcher in Firefox? PS (know any tutorials or sites to help with XSS and cookie stealing?) PPS thank you for the help


ghost's Avatar
0 0

… No. Complete the sentence. Class is in Se__i_n, take your seats!

Google it.


ghost's Avatar
0 0

Hello,

I Lemur you probably know more but it seems to me that he is not on the right track.


Futility's Avatar
:(
80 120

Look at the cookie. What if the [try lemur's hint] denotes who you are? What if you could replace it with something more useful, thereby increasing your privileges? What if there's a secret directory somewhere to help you know what to change it to?

Hope that helped. I could make it more cryptic, but I'm kinda tired right now. PM me if you still need anything.


ghost's Avatar
0 0

Hmmm…. perhaps. But how do you change the (session?) Also, I still need help getting the cookie, or rather modifying the one it gives me. And if it is not too much, how would I find this hidden directory? (sry, I know I am already pushing it; if I am too noobish for this challenge please tell me)


Futility's Avatar
:(
80 120

There is a nifty Firefox extension that allows you to easily view and edit cookies. It's called 'Add N Edit Cookies'.

About the hidden directory: Telling you would basically give away the challenge. It's not hard to find and it's not really hidden- per se…


ghost's Avatar
0 0

ah I think I know what to do now, thank you so much for the help


Futility's Avatar
:(
80 120

Any time. I like helping people- it makes me feel like I know something. Any more questions, feel free to ask away.


ghost's Avatar
0 0

All right, I got to the other directory where there were 2 files, Jondoe and administrator. I opened them both up and entered in the correct password and user name for both, but both failed. I even tried changing the cookies to the correct values and IDs but got the same results. What am I doing wrong?


Futility's Avatar
:(
80 120

As far as I can tell…nothing. PM me exactly what's going on and I'll see if that sheds some light on the problem. By the way, realistic missions are supposed to be done after you know what you're doing. Maybe working on some of the basics will help you out.


korg's Avatar
Admin from hell
0 0

^^^^Yes, you should start off doing the basic and JavaScript challenges first. Gives a good basis for the reals.^^^^

Edit:spelling


ghost's Avatar
0 0

I have done most of the basic and some of the JavaScript, but you are right, I should probably finish more before continuing to realistic 2


ynori7's Avatar
Future Emperor of Earth
0 0

Theironrose wrote: I have done most of the basic and some of the JavaScript, but you are right, I should probably finish more before continuing to realistic 2

3 out of the 27 basic challenges is not most. I think the ability to count should be a prerequisite for this challenge.


Uber0n's Avatar
Member
0 0

ynori7 wrote: 3 out of the 27 basic challenges is not most. I think the ability to count should be a prerequisite for this challenge.

This gave me my first morning (irl) lol :D


ghost's Avatar
0 0

He only has about 19% of the basic/javascript done